Storm-1175
Essential information
- Confidence
- 100/100
- Published
- 06/04/2026 23:48
- Modified
- 06/04/2026 23:48
- Updated at
- 06/04/2026 23:48
- Revoked
- No
- Author / Source
- AlienVault
- Resource level
- —
- Primary motivation
- —
- Related entities
- 1 reports, 1 malware, 7 indicators, 17 vulnerabilities (cve)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (1)
-
17 CVEs 1 Malware 7 Observables 1 APT
Malware (1)
-
Medusa usesThe MITRE Corporation Confidence 100
[MEDUSA](https://attack.mitre.org/software/S1220) is an open-source rootkit that is capable of dynamic linker hijacking, command execution, and logging credentials.(Citation: Google Cloud Mandiant UNC3886 2024)
First seen 01/01/1970 · Last seen 16/11/5138 ·
Indicators (7)
-
stix 100/100· Valid until 03/04/2027 · Source: AlienVault
-
stix 100/100· Valid until 03/04/2027 · Source: AlienVault
-
stix 100/100· Valid until 03/04/2027 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 03/03/2026 · Source: AlienVault
Vulnerabilities (CVE) (17)
A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license response signature to …
- Attack vector
- Network
- Published
- 29/09/2025
- Modified
- 29/05/2026
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous …
- Attack vector
- Network
- EPSS
- 0.0336 (P87.0%)
- Published
- 26/01/2026
- Modified
- 10/02/2026
PaperCut NG/MF contains an improper authentication vulnerability that could allow remote attackers to bypass authentication on affected installations via the SecurityRequestFilter class.
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 20/04/2023
- Modified
- 22/04/2026
ConnectWise ScreenConnect contains a path traversal vulnerability which could allow an attacker to execute remote code or directly impact confidential data and …
- Attack vector
- Network
- Complexity
- Low
- Published
- 21/02/2024
- Modified
- 29/04/2026
PaperCut MF/NG contains an improper access control vulnerability within the SetupCompleted class that allows authentication bypass and code execution in the context …
- Attack vector
- Network
- Published
- 21/04/2023
- Modified
- 21/12/2025
SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary …
- Attack vector
- Network
- Published
- 13/02/2025
- Modified
- 21/12/2025
SimpleHelp contains a path traversal vulnerability that allows admin users to upload arbitrary files anywhere on the file system by uploading a …
- Attack vector
- Network
- Complexity
- Low
- Published
- 16/01/2025
- Modified
- 29/04/2026
SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries …
- Attack vector
- Network
- Published
- 29/04/2025
- Modified
- 21/12/2025
JetBrains TeamCity contains a relative path traversal vulnerability that could allow limited admin actions to be performed.
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 04/03/2024
- Modified
- 22/04/2026
SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These …
- Attack vector
- Network
- Complexity
- Low
- Published
- 16/01/2025
- Modified
- 29/04/2026
SmarterTools SmarterMail contains an unrestricted upload of file with dangerous type vulnerability that could allow an unauthenticated attacker to upload arbitrary files …
- Attack vector
- NETWORK
- Published
- 29/12/2025
- Modified
- 05/03/2026
BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)contain an OS command injection vulnerability. Successful exploitation could allow an unauthenticated remote attacker …
- Attack vector
- Network
- Published
- 13/02/2026
- Modified
- 20/02/2026